Tag: Tor

The change, to curtail access to the Canvas API, is incremental and likely to be limited in how it is visible to regular users. However it signals some progress in a collaboration with the Tor project to incorporate code and ideas that benefit the privacy features of Firefox and Tor Browser. The Register’s write up includes a pretty good explainer on fingerprinting and why finding ways to mitigate it is important.Read More …

EFF has just announced a challenge, asking all comers to consider setting up a relay for the anonymizing Tor network. Tor stands for The Onion Router referring to the layers of encryption added with each routing hop. Relays are critical to increase the capacity of the network overall as they are the nodes doing the encrypting and routing heavy lifting. Traditionally clients have far outstripped relays yielding a less than optimal experience when making use of Tor.

There is far more information at the challenge page, including both instructions and most critically a legal FAQ. If you are going to run a relay, whether or not you will do so as an exit relay, you need to be aware of the legal issues inherent in doing so. The FAQ is a good resource to that end and even links to a list of ISPs that are known tolerant of and prohibiting Tor relays around the world.

DuckDuckGo search engine errects Tor hidden service
Slashdot shares news that DuckDuckGo has made it easier to use their search engine without leaving the privacy preserving penumbra of the Tor network. Previously, the search engine set up a dedicated exit node which actually allowed searchers to keep their search traffic encrypted. Tor’s hidden services eliminate the need to start on the regular, unencrypted network at all before switching over to access services via encrypted traffic.

Samuelson’s latest call for copyright reform
Groklaw, among others, also linked to this short article at the SFGate to which Cory linked in his discussion of Boyle’s and Jenkin’s new copyright comic book. It is a very accessible explanation of why reform is needed, prompted by the disruptions digital copying has wrought and the ensuing norms. It concludes with a brief recap of suggested areas for change that Samuelson has explored more fully in her academic writing.

Microsoft issues blanket license to NGOs outside the US
As Slashdot and others are reporting, this move by the Redmond giant is in direct response to the abuse of infringement claims for the purposes of suppressing speech. This is a laudable move by a company with a traditionally dour stance on intellectual property enforcement of all kinds.

Appeals court guts landmark computer privacy ruling
David Kravets explains in a piece for Ars Technica how the 9th circuit caved under pressure from federal prosecutors who felt Miranda-like guidelines were crippling their investigations. I can understand how such rules can be problematic procedurally, maybe even out of proportion with the protections they are supposed to confer. Unfortunately, this is a giant step backwards, not anything that can readily be described as justifiable streamlining.

Register of copyrights to retire
Nate Anderson at Ars Technica explains one side of why I feel so ambivalent about the outgoing Register, Marybeth Peters. He fails to give her credit for her views on the orphan works problem, though, that balances somewhat her archaic views on new forms of expression like digital remixes. I expect this issue to heat up considerably as Big Content will no doubt do everything in their power to see a successor who leans even further towards their views. The fact that the Obama administration is lousy with appointments of former industry attorneys has me more than a little concerned.

Distributed computing project spots astronomical oddity
I’ve always found the idea of harnessing spare CPU cycles from home computers and applying it to really big, data intensive projects fascinating. My own computers have been enrolled in such efforts on and off over the years. John Timmer at Ars Technica has news of the discovery of a rare pulsar as part of a side project at Einstein@Home, one of the many distributed efforts using the BOINC platform.

DuckDuckGo now operates a Tor exit enclave
Via Hacker News. “I believe this fits right in line with our privacy policy. Using Tor and DDG, you can now be end to end anonymous with your searching. And if you use our encrypted homepage, you can be end to end encrypted as well.”

Open source givers and takers
I think Mike Loukides’ analysis at O’Reilly Radar of some recent stats on open source usage vs. contribution is spot on. The bargain isn’t that all people gaining from open source give back, it isn’t even necessary for projects to thrive. Recent studies around Wikipedia illustrate how the same asymmetry can still yield incredibly worthwhile results from a much small core of contributors within a larger community of more passive users or lower volume contributors.

The HTTPS Everywhere add on for Firefox doesn’t encrypt your activities online itself but it does switch your connection on supported sites over to take advantage of SSL. I pay a lot more attention to services that offer encrypted connections but not all of them use it by default. And I certainly cannot keep track of all of those that offer SSL at all whether it is the default or not. I am pretty happy to see an add on that makes using more secure connections simple and automatic.

As always, even if you’re at an HTTPS page, remember that unless Firefox displays a colored address bar and an unbroken lock icon in the bottom-right corner, the page is not completely encrypted and you may still be vulnerable to various forms of eavesdropping or hacking (in many cases, HTTPS Everywhere can’t prevent this because sites incorporate insecure third-party content).

That’s a thoughtful reminder and reinforces that all this plugin does is make it easier to take advantage of a relatively more secure way of connecting to web sites than in the clear. Hopefully the add on will encourage more sites to offer a secure alternative.

In Nat Torkington’s Four Short Links on O’Reilly Radar, he links toOrbot, an Android application that allows users to proxy any or all of their network traffic through the privacy enhancing network. (Tor, or The Onion Router, works by establishing a network of relay nodes hops through which add layers of encryption, like an onion.) Reading the details, Orbot is a comparable bundle of software to what has been available on desktop OSes. It includes Tor itself, libevent and privoxy.

If I recall correctly, previously it was possible to run a browser that integrates with Tor on Android, but now Orbot makes it easier to use Tor with any application. The project page has clear instructions, made a lot simpler if your device is rooted. There are also screen shots showing the application running, the capabilities look very comparable to Vidalia, the bundle I use on OS X.

Tor is typically quite slow due to the small number of relay nodes and the overhead of the encrypting and decrypting of traffic. I would imagine that the lighter data utilization for some aspects of a smart phone may be better matched with the speed penalty Tor imposes.

The top use, the one for which Tor was originally intended, is circumventing censorship. Being able to access that same protection from a smart phone will undoubtedly by invaluable to journalists and activists in situations where getting to a computer isn’t feasible or possible.

Categories

Endorsements

"[T]houghtful, informative, and deep, a real plunge into the geeky end of the news-pool. There's great analysis and rumination, as well as detailed explanations of important security issues with common OSes and so on." -- Cory Doctorow